PUP virus,svchost .exe running at 100% cpu usage [Closed]



#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

> How do I confirm if my hard drive is SSD (Solid State Disk)?

You should know if you have an SSD disk. See link below for information.

http://en.wikipedia....lid-state_drive

General use is only very recent. I doubt very much that your machine will have one unless you upgraded to it and in that case you would know.

> I clicked the option to uninstall the older versions but it didn't work. It said to manually uninstall both using add/remove programs.

If they are not there, which seems to be confirmed by your search and by Revo Uninstaller, then maybe it did work.

> Firefox > Help > About Firefox and allow it checked and said it was up to date (version 24.0).
>
> http://www.mozilla.o...firefox/update/ also confirmed I am up to date.

That's fine, seems Security Check got it wrong.
  • 0



#17
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Ran the Defrag on the C drive

The whole log was too big to post so here is the summary. Also attached the text file with full details. To double check, did I run the right test?

Report for user "user"
Disk: Local Disk (C:), NTFS
Disk Defragmentation Summary


Disk Size 38.33 GB
Free Space Size 8.21 GB
Clusters 10048649
Sectors per cluster 8
Bytes per sector 512
Defragmentation started 22/10/2013 19:53:25
Defragmentation completed 22/10/2013 20:22:10
Elapsed time 00:28:44
Total Files 198116
Total Directories 17250
Fragmented Files 11676
Defragmented Files 11648
Skipped Files 28
Fragmentation Before 20.53% |||||||||||
Fragmentation After 5.30% |||



  • 0

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Still experiencing problems with programs running?

Tell me when you come back.

Meantime


Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.
  • 0

#19
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Farbar Service Scanner Version: 20-10-2013
Ran by user (administrator) on 22-10-2013 at 22:11:58
Running from "H:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(11) cmdHlp(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A000000090000000B0000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Today everything has been running fine but since the problem started on several days the PC has been fine on certain days and then the error occurred again. It went like this:

Saturday 13th: Issue first occurred
Sunday: ran fine, no problems
Monday: ran fine, no problems
Tuesday: ran fine, no problems
Wednesday: ran fine, no problems
Thursday: ran fine, no problems
Friday: problem occurred again
Saturday: ran fine, no problems
Sunday: problem occurred again
Monday: problem occurred again
Tuesday (so far): ran fine, no problems

So today everything has been good but tomorrow it might occur again; it appears erratically. It doesn't seem to occur if I boot in safe mode. The PC runs if I end the svchost.exe process causing the 100% CPU usage, with the exception that I can notice that the sound no longer works unless I reboot. After rebooting though the problem will still occur.

Edited by arclight, 22 October 2013 - 03:23 PM.

  • 0
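An added example (not part of the thread and not Farbar's own code): a short Python triage of an FSS.txt log in the layout posted above, listing the registry values reported under the "Disabled Policy" headings and any File Check entry whose verdict is not "MD5 is legit". The function name `triage_fss`, the shortened sample and its `example.dll` line are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the FSS.txt log posted above (shortened).
# The example.dll line is a made-up placeholder, not real scanner output.
SAMPLE_LOG = r'''Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\example.dll => placeholder verdict
'''

VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\w+)$')

def triage_fss(log_text):
    """Return (policy_values, files_to_review) found in an FSS-style log."""
    policies, review = [], []
    section = key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:
            continue                      # blank lines and ==== / **** rulers
        if line.endswith(":"):            # section heading, e.g. "File Check:"
            section, key = line[:-1], None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # registry key the next values belong to
        elif section and section.endswith("Disabled Policy"):
            m = VALUE_RE.match(line)
            if m:                         # keep the value as text; no base assumed
                policies.append((section, key, m.group(1), m.group(2)))
        elif section == "File Check" and "=>" in line:
            path, verdict = (p.strip() for p in line.split("=>", 1))
            if verdict != "MD5 is legit":
                review.append(path)
    return policies, review

if __name__ == "__main__":
    policies, review = triage_fss(SAMPLE_LOG)
    for section, key, name, value in policies:
        print(f"{section}: {name}={value} under {key}")
    for path in review:
        print(f"review file: {path}")
```

Run against the full log from this post, the same function would report the `EnableFirewall` value under the StandardProfile key and no files for review.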

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Nothing leaping out at me there. All the services seem to be okay.

> The PC runs if i end the svchost.exe process causing the 100% CPU usage

SVCHOST.EXE is a generic host process for services.

There can be multiple svchost.exe running on a system and each SVCHOST.EXE can also hold multiple services.

It is needed for the efficient running of your machine.

> It doesn't seem to occur if i boot in safe mode

Something that doesn't work in Safe Mode then. Maybe a security program interfering with updates or some such.

Looking back on this thread I see numerous application errors at CatRoot2 which, although I am not a techie, I believe is involved with Windows Updates.

This link may be of help

Hopefully the link above will give you something to work with. I would start first with the suggestion to try temporarily turning off your security services one at a time to see if that is a cause.

Tell me how you get on.
  • 0

#21
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Should I attempt any of this now or wait to see if the error occurs again? As mentioned it is infrequent so it might not appear for several days again.

Edited by arclight, 22 October 2013 - 09:04 PM.

  • 0

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Up to you really. If it's not bothering you then don't worry about it but if it is then maybe check it out next time it happens. :)
  • 0

#23
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Well, I went into safe mode, had a look in msconfig at the services and start up options and tried turning off the security services and several others.

After two days it seems to be the windows update service that is causing the issue.

In msconfig it was not running in safe mode so I stopped the service and when I booted in normal mode everything was fine.

I then turned on windows update manually in normal mode via security centre; a minute later svchost.exe went to 100% cpu usage.

Should I go through the steps in the windows link you left? I want to double check before doing anything.

Thx
  • 0

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

> Should i go through the steps in the windows link you left?

Try the Fixit utility at the link below first:

Go to the link below for instructions on how to fix Windows Update.

http://support.microsoft.com/kb/971058
  • 0

#25
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Ran the fix it and it picked up a few things. Here's the log.

It said one issue was not fixed so I'll have to monitor things to see how they go. So far things are ok.


Windows Update

Issues found
  • Service registration is missing or corrupt: Not fixed
      Reset service registration: Succeeded
  • Check for missing or corrupt files: Fixed
      Repair missing or corrupt files: Succeeded
  • Windows Update error 0x80070005(2013-10-29-T-06_56_50A): Fixed
      Resetting Windows Update data store: Succeeded
  • Problems installing recent updates: Fixed
      Repair Windows Update: Succeeded

Issues checked
  • Windows Update environment variables are incorrect: Checked
      Restore Windows Update environment variables: Not Run
  • Some security settings are missing or have been changed: Checked
      Reset security settings: Not Run
  • Windows Update services are not running: Checked
      Register files required for Windows Update: Not Run
  • Cryptographic service components are not registered: Checked
      Register cryptographic service components: Not Run


Detection details

Collection information
Computer Name: USER-2A1DED054E
Windows Version:5.1
Architecture:x86
Time:10/29/2013 6:51:56 AM

Publisher details

Windows Update
Find and fix problems with Windows Update
Package Version:8.1.2.20130414
Publisher:Microsoft Corporation
  • 0



#26
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again arclight,

Some progress it seems. :thumbsup:

I will be interested to hear how it goes. :)

Meantime I don't think any malware issues remain so I think we should remove the tools we have been using.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java (see here). Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#27
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Well, I spoke too soon.

Same issue still occurs: everything runs fine, I turn on windows update and svchost.exe still goes to 100%.

Ran the fixit a second time and tried it but no change.

Should I try the first suggestion here at this link?

http://answers.micro...57-b8ddbbbe9700
  • 0

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again arclight,

Go to Start > Run and type

windowsupdate.log

Click OK

The log should open in Notepad

Copy and paste the contents back here.
  • 0

#29
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Hi

It was too long to post so I attached it.

Sorry for the late reply, haven't been on the PC lately.


  • 0

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I have been clearing up some old topics and see I overlooked answering this.

My apologies arclight. Did this get fixed?

I know you are pursuing a topic in the XP forum so maybe you can raise the problem there if it is still outstanding.

Tell me what you want to do.
  • 0





